Offsec says “Try Harder” & I “Tried Harder”

About Penetration Testing with Kali (PWK)

I am here to share my experiences with the Penetration Testing with Kali Linux (PWK) course as well as the Offensive Security Certified Professional (OSCP) certification lab and exam. Penetration Testing with Kali (PWK) is a self-paced online penetration testing course. Penetration Testing with Kali is not a beginner course; it requires much practice and loyalty. This course has been designed by the Offensive Security team. For more, you can check https://www.offensive-security.com/information-security-training/penetration-testing-training-kali-linux/.

Ready to go

As I said, this course is not for beginners, so a little prerequisite knowledge is required. Before starting the lab or exam I would strongly suggest bringing a carton of coffee.

I took Penetration Testing with Kali (also known as PWB) in December of 2013. Because of my graduation I was not getting proper time to write a review of Penetration Testing with Kali (PWK), so I decided to write it now. I heard about the course when I was attending my CISE classes (high school days). After being well practiced, I decided to pursue the certification and bought the 30 days of lab.

After registration with a corporate email address or proof of identity, I received the course documentation, which contains a study guide and video material. Additionally, I received a lab connectivity guide and package which allows me to connect to the student lab.

I gave time to perform extra research on the topics with which I was not as familiar. I do recommend completing all the exercises, because it pays off in the exam.

Course Material

The course material comes with 300 pages of PDF and videos. The course material is provided to develop your skills and learning. The lab guide contains a number of exercises. Here is a motivational quote from PWK that is really helpful for everyone.

“As Abraham Lincoln once said, ‘If I had six hours to chop down a tree, I’d spend the first three sharpening my axe.’”

I found myself very familiar with some topics. I recommend first watching the videos and also reading the chapter in the PDF. When watching or reading, make sure to write down notes; this will help you to remember what you learnt. I again recommend you do more and more research on the topics.

After registration I got access to the offsec forum; as a student you can also download the Kali VM from the offsec forum. There is not much difference between the publicly available one and the customized version (VM), but the customized version is specifically built for the PWK course (you’ll get more details in the forum). I do recommend taking a backup of everything (VM, snapshots, report, notes, video, PDF etc.) and also never sharing course material, reports or snapshots with anyone.

Lab Time

After finishing the videos and exercises, you get to connect to the lab through the VPN package. If you face any problem with lab connectivity, you can ask an admin on the #offsec channel or check the lab connectivity manual given by offsec. The offsec lab gives you access to 50–60 machines with different flavors of Linux and Windows. You will deal with a wide range of web servers, mail servers, applications and many more. During these labs you will definitely learn some new techniques and knowledge to enhance your penetration testing skills, which will help you in real-world scenarios. As you move forward in the lab, you will uncover juicy details about the machines.

I recommend you enumerate, and get some ideas from the offsec bash scripting video; it's really time-saving. Also scan for particular services and then dump the results in a txt file to avoid re-scanning every time. Remember one thing: enumerate, enumerate and enumerate.

Try to understand the techniques and responses, and analyze application/server behavior closely. I recommend not relying fully on Metasploit for your exploitation, because Metasploit is restricted during the exam, so try to learn Python and bash for automation and do as much as possible manually. Never rely on scanners/Metasploit during the lab and exams.

I invested around 15–18 hours a day. It’s really hard, but it’s my dream to be OSCP certified, so I tried harder. Some machines are more tricky and painful (#pain, #humble and #sufferance), but I owned those machines also. Try to get on the IRC channel; it will be helpful for you. You won’t get a lot of help from the admins, but some other students may help you.

The Exam time

As I said, there are limitations on the use of Metasploit and automated vulnerability scanners. You have to book your exam slot; I booked my exam about a couple of weeks after my lab time had finished. You are given 24 hours to exploit 5 machines of various difficulties, each machine is allotted different points, and you get another 24 hours to complete your report. You need 70 points to clear the OSCP exam. I started with the machine having the maximum points, but everyone has their own perception of how to solve the exam machines.

I bought energy drinks for the 48 hours. I received the exam guide. I spent 14–16 hours exploiting machines and additional hours completing the report. I submitted my report to offsec once I was done with the report and machines. Please don’t forget to prepare a checklist/notes during the examination.

Dream comes true

A couple of days later I got an e-mail declaring that I had passed the examination, and after a couple of months I also got my hard-copy certification.

Dear Geet,

We are happy to inform you that you have successfully completed the Penetration Testing with Kali Linux certification challenge and have obtained your Offensive Security Certified Professional (OSCP) certification.

Conclusion

This was the most challenging course that I have ever experienced. The Offensive Security training and certifications force you to leverage what you learned to solve complex problems. This course is only possible for those who always “Try Harder”.

Being able to partially read and understand the flow of certain languages such as Ruby, Python, and Bash. An in-depth understanding is not necessary, but try your best because you will be using and adjusting exploits during your lab time.

A solid understanding of TCP/IP, networking, and reasonable Linux skills.